Network Threat Assessment

Gain Visibility and Insight with ALL available intelligence sources

Summary:

The Network Threat Assessment (NTA) will provide additive security value by operationalizing threat intelligence on the client's corporate network. The NTA will deploy a QuickThreat® Gateway using large dynamic sets of threat intelligence derived indicators in real-time. Threat intelligence will include third-party intelligence sources, threat indicators generated from next generation security products, and client internally developed threat intelligence if desired. The NTA will deliver real-time threat awareness, dynamic response, and the identification of previously undetected in- bound and out-bound threats.

During the assessment the client will be provided dedicated engineering and analytic resources to assist in the configuration, deployment, and analysis of threat intelligence results. The dedicated resources will be available to assist in reviewing findings, adapting policies, creating risk models tailored to the client enterprise, and coordinating with threat intelligence partners. The engineering and analytic resources will work closely with client employees to understand current threat mitigation workflow and identify opportunities for increased impact and efficiency using Centripetal Networks technology. The dedicated resources will be directly responsible for producing daily, weekly, and executive summary reports.

Monitoring Deployment:

Performing an NTA relies on deploying one or more QuickThreat® Gateways in the client network, preferably on TAP ports inside and outside the firewall. If a proxy is in use, the internally TAP should be located as close to the Hosts/Workstations/Users as possible. Additional deployment configurations are possible to achieve full host correlation. Centripetal's deployment team will assist you in determining the best deployment options.

The Centripetal team will provide guidance for:

Location of the QuickThreat® Gateway or multiple Gateways

Configuration of the QuickThreat Gateway

TAP/SPAN ports to provide network traffic to the QuickThreat Gateway

Configuration for internal host correlation

Connectivity to existing Threat Intelligence Platforms (TIP)

Connectivity to the SIEM

QuickThreat® Gateway installed in a monitoring configuration

NTA Schedule:

An NTA is performed in three seperate stages. Organizations can choose their level of involvement and there are minimal requirements in order to deploy the system properly in the environment.

Stage 1 consists of a Network Survey and Installation, customization of the risk policy and threat intelligence sources, host correlation, and begins the collection of network activity.

Stage 2 consists of three weeks of data processing, intelligent analyst-drive reporting, presentations of findings, and training of the security and network operations teams.

Stage 3 is post-NTA for organizations pursuing a continuation with the Network Threat Management (NTM) service, or a full deployment of QuickThreat®.

Sign Agreement to continue in NTM service or purchase & deploy system operationally

Executive Sponsor

Plan deployment and perform Kickstart services on site

Network Operations Team

Testing Your Installation:

During an NTA, the QuickThreat® Gateway is deployed in the client network, preferably on TAP ports inside and outside the firewall. In order to test that full path correlation is functioning properly, a user inside the network can use the instructions found in this document to test IP, FQDN, and URL indicator matching and learn how to extract the PCAP contents to retrieve the contents of the file.

Instructions include:

Create IP, FQDN, and URL Indicators

Create Policy based on test indictors and enable PCAP

Navigate to the NTA test page from a client inside the network

Ensure correlation of network traffic matches the unique client

Download test document PDF

Extract PCAP contents to retrieve the original downloaded file

NTA Test Document and Instructions

For information regarding a Network Threat Assessment Service please submit the following and you will be contacted shortly.